From: Alexander Nyberg <alexn@dsv.su.se>

This fixes a theoretical bug indicated in:
http://bugme.osdl.org/show_bug.cgi?id=240

It prevents overflow in case the required buffer is larger than the passed
buffer.  This I found to be the minimally intrusive change.

Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/drivers/parport/probe.c |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)

diff -puN drivers/parport/probe.c~off-by-one-in-drivers-parport-probec drivers/parport/probe.c
--- 25/drivers/parport/probe.c~off-by-one-in-drivers-parport-probec	2004-12-01 23:18:59.675275416 -0800
+++ 25-akpm/drivers/parport/probe.c	2004-12-01 23:18:59.679274808 -0800
@@ -164,8 +164,16 @@ ssize_t parport_device_id (int devnum, c
 		if (retval != 2) goto end_id;
 
 		idlen = (length[0] << 8) + length[1] - 2;
-		if (idlen < len)
+		/*
+		 * Check if the caller-allocated buffer is large enough
+		 * otherwise bail out or there will be an at least off by one.
+		 */
+		if (idlen + 1 < len)
 			len = idlen;
+		else {
+			retval = -EINVAL;
+			goto out;
+		}
 		retval = parport_read (dev->port, buffer, len);
 
 		if (retval != len)
@@ -205,11 +213,12 @@ ssize_t parport_device_id (int devnum, c
 		buffer[len] = '\0';
 		parport_negotiate (dev->port, IEEE1284_MODE_COMPAT);
 	}
-	parport_release (dev);
 
 	if (retval > 2)
 		parse_data (dev->port, dev->daisy, buffer);
 
+out:
+	parport_release (dev);
 	parport_close (dev);
 	return retval;
 }
_